From d51eeede019217cae3ceef467826e385cbc05cf6 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Mon, 19 Aug 2024 11:37:02 +0800 Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E6=94=AF=E6=8C=81=E7=AE=A1?= =?UTF-8?q?=E7=90=86=E5=91=98=E6=9F=A5=E7=9C=8B=E9=A1=B9=E7=9B=AE=E6=88=90?= =?UTF-8?q?=E5=91=98=20#9620?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/api/migrate/OpAuthMigrateResource.kt | 8 ++ .../devops/auth/dao/AuthResourceGroupDao.kt | 26 ++++- .../rbac/config/RbacAuthConfiguration.kt | 20 +++- .../rbac/service/AuthResourceService.kt | 2 +- .../service/PermissionSubsetManagerService.kt | 2 +- .../RbacPermissionResourceGroupService.kt | 2 +- .../RbacPermissionResourceGroupSyncService.kt | 21 ++-- .../service/migrate/AbMigratePolicyService.kt | 2 +- .../migrate/MigrateResourceGroupService.kt | 103 ++++++++++++++++++ .../migrate/RbacPermissionMigrateService.kt | 18 ++- .../service/SamplePermissionMigrateService.kt | 2 + .../resources/OpAuthMigrateResourceImpl.kt | 4 + .../service/iam/PermissionMigrateService.kt | 5 + 13 files changed, 190 insertions(+), 25 deletions(-) create mode 100644 src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/MigrateResourceGroupService.kt diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/migrate/OpAuthMigrateResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/migrate/OpAuthMigrateResource.kt index e040c4c0128..1d380c079d9 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/migrate/OpAuthMigrateResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/migrate/OpAuthMigrateResource.kt @@ -153,4 +153,12 @@ interface OpAuthMigrateResource { @Path("/migrateAllResourceAuthorization") @Operation(summary = "迁移资源授权-全量") fun migrateAllResourceAuthorization(): Result + + @POST + @Path("/fixResourceGroups") + @Operation(summary = "修复资源组") + fun fixResourceGroups( + @Parameter(description = "迁移项目", required = true) + projectCodes: List + ): Result } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupDao.kt index d170d9a0b72..49efc0066bd 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupDao.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupDao.kt @@ -123,7 +123,7 @@ class AuthResourceGroupDao { it.iamTemplateId ).onDuplicateKeyUpdate() .set(GROUP_NAME, it.groupName) - .set(UPDATE_TIME, it.updateTime) + .set(UPDATE_TIME, now) }).execute() } } @@ -135,13 +135,15 @@ class AuthResourceGroupDao { resourceCode: String, resourceName: String, groupCode: String, - groupName: String + groupName: String, + relationId: String? = null ): Int { val now = LocalDateTime.now() return with(TAuthResourceGroup.T_AUTH_RESOURCE_GROUP) { dslContext.update(this) .set(GROUP_NAME, groupName) .set(RESOURCE_NAME, resourceName) + .let { if (relationId != null) it.set(RELATION_ID, relationId) else it } .set(UPDATE_TIME, now) .where(PROJECT_CODE.eq(projectCode)) .and(RESOURCE_CODE.eq(resourceCode)) @@ -281,11 +283,29 @@ class AuthResourceGroupDao { projectCode: String, resourceType: String, resourceCode: String - ): List { + ): List { return with(TAuthResourceGroup.T_AUTH_RESOURCE_GROUP) { + val result = mutableListOf() dslContext.selectFrom(this).where(PROJECT_CODE.eq(projectCode)) .and(RESOURCE_CODE.eq(resourceCode)) .and(RESOURCE_TYPE.eq(resourceType)) + .fetch().forEach { + val authResourceGroup = convert(it) + if (authResourceGroup != null) { + result.add(authResourceGroup) + } + } + result + } + } + + fun listRecordsOfNeedToFix( + dslContext: DSLContext, + projectCode: String + ): Result { + return with(TAuthResourceGroup.T_AUTH_RESOURCE_GROUP) { + dslContext.selectFrom(this).where(PROJECT_CODE.eq(projectCode)) + .and(RELATION_ID.eq("null")) .fetch() } } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt index d85c80f4ec2..aa5e79a6e84 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacAuthConfiguration.kt @@ -73,6 +73,7 @@ import com.tencent.devops.auth.provider.rbac.service.migrate.MigrateIamApiServic import com.tencent.devops.auth.provider.rbac.service.migrate.MigratePermissionHandoverService import com.tencent.devops.auth.provider.rbac.service.migrate.MigrateResourceAuthorizationService import com.tencent.devops.auth.provider.rbac.service.migrate.MigrateResourceCodeConverter +import com.tencent.devops.auth.provider.rbac.service.migrate.MigrateResourceGroupService import com.tencent.devops.auth.provider.rbac.service.migrate.MigrateResourceService import com.tencent.devops.auth.provider.rbac.service.migrate.MigrateResultService import com.tencent.devops.auth.provider.rbac.service.migrate.MigrateV0PolicyService @@ -372,6 +373,19 @@ class RbacAuthConfiguration { authResourceGroupDao = authResourceGroupDao ) + @Bean + fun migrateResourceGroupService( + authResourceService: AuthResourceService, + dslContext: DSLContext, + authResourceGroupDao: AuthResourceGroupDao, + iamV2ManagerService: V2ManagerService + ) = MigrateResourceGroupService( + authResourceService = authResourceService, + dslContext = dslContext, + authResourceGroupDao = authResourceGroupDao, + iamV2ManagerService = iamV2ManagerService + ) + @Bean fun migrateIamApiService() = MigrateIamApiService() @@ -486,7 +500,8 @@ class RbacAuthConfiguration { authMonitorSpaceDao: AuthMonitorSpaceDao, cacheService: RbacCacheService, permissionResourceMemberService: RbacPermissionResourceMemberService, - migrateResourceAuthorizationService: MigrateResourceAuthorizationService + migrateResourceAuthorizationService: MigrateResourceAuthorizationService, + migrateResourceGroupService: MigrateResourceGroupService ) = RbacPermissionMigrateService( client = client, migrateResourceService = migrateResourceService, @@ -503,7 +518,8 @@ class RbacAuthConfiguration { authMonitorSpaceDao = authMonitorSpaceDao, cacheService = cacheService, permissionResourceMemberService = permissionResourceMemberService, - migrateResourceAuthorizationService = migrateResourceAuthorizationService + migrateResourceAuthorizationService = migrateResourceAuthorizationService, + migrateResourceGroupService = migrateResourceGroupService ) @Bean diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/AuthResourceService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/AuthResourceService.kt index 8e23470d6c3..bad925ae680 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/AuthResourceService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/AuthResourceService.kt @@ -182,7 +182,7 @@ class AuthResourceService @Autowired constructor( resourceCode = resourceCode ).filter { it.groupCode != DefaultGroupType.MANAGER.value - }.map { it.id } + }.map { it.id!! } dslContext.transaction { configuration -> val transactionContext = DSL.using(configuration) authResourceDao.disable( diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/PermissionSubsetManagerService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/PermissionSubsetManagerService.kt index 788d07ab2c2..2b26f9d4fef 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/PermissionSubsetManagerService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/PermissionSubsetManagerService.kt @@ -357,7 +357,7 @@ class PermissionSubsetManagerService @Autowired constructor( it.groupCode != DefaultGroupType.MANAGER.value }.forEach { logger.info("delete subset manage default group|$subsetManagerId|${it.relationId}") - iamV2ManagerService.deleteRoleGroupV2(it.relationId.toInt()) + iamV2ManagerService.deleteRoleGroupV2(it.relationId) } } } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt index b1179967002..62e0309f4e4 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupService.kt @@ -135,7 +135,7 @@ class RbacPermissionResourceGroupService @Autowired constructor( projectCode = projectId, resourceType = resourceType, resourceCode = resourceCode - ).associateBy { it.relationId.toInt() } + ).associateBy { it.relationId } val iamGroupInfoVoList = iamGroupInfoList.map { val resourceGroup = resourceGroupMap[it.id] val defaultGroup = resourceGroup?.defaultGroup ?: false diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt index b8521c12aa3..9d88a0d9972 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt @@ -143,7 +143,7 @@ class RbacPermissionResourceGroupSyncService @Autowired constructor( resourceType = resourceType, resourceCode = resourceCode, groupCode = resourceGroup.groupCode, - iamGroupId = resourceGroup.relationId.toInt() + iamGroupId = resourceGroup.relationId ) } } @@ -262,7 +262,7 @@ class RbacPermissionResourceGroupSyncService @Autowired constructor( projectCode = projectCode, resourceType = AuthResourceType.PROJECT.value, resourceCode = projectCode - ).associateBy { it.relationId.toInt() } + ).associateBy { it.relationId } // 查询项目下用户组列表 val searchGroupDTO = SearchGroupDTO.builder().inherit(false).build() @@ -304,16 +304,13 @@ class RbacPermissionResourceGroupSyncService @Autowired constructor( projectGroup.description != iamGroupInfo.description || projectGroup.iamTemplateId != templateId ) { - val toUpdateGroupRecord = authResourceGroupDao.convert(projectGroup) - if (toUpdateGroupRecord != null) { - toUpdateGroups.add( - toUpdateGroupRecord.copy( - groupName = iamGroupInfo.name, - description = iamGroupInfo.description, - iamTemplateId = templateId - ) + toUpdateGroups.add( + projectGroup.copy( + groupName = iamGroupInfo.name, + description = iamGroupInfo.description, + iamTemplateId = templateId ) - } + ) } } else { toAddGroups.add( @@ -335,7 +332,7 @@ class RbacPermissionResourceGroupSyncService @Autowired constructor( } dslContext.transaction { configuration -> val transactionContext = DSL.using(configuration) - authResourceGroupDao.deleteByIds(transactionContext, toDeleteGroups.map { it.id }) + authResourceGroupDao.deleteByIds(transactionContext, toDeleteGroups.map { it.id!! }) authResourceGroupDao.batchCreate(transactionContext, toAddGroups) authResourceGroupDao.batchUpdate(transactionContext, toUpdateGroups) } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/AbMigratePolicyService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/AbMigratePolicyService.kt index f570638eb88..4fae9d617a7 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/AbMigratePolicyService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/AbMigratePolicyService.kt @@ -157,7 +157,7 @@ abstract class AbMigratePolicyService( projectName = groupInfo.resourceName ) authorizationScopeList.forEach { authorizationScope -> - v2ManagerService.grantRoleGroupV2(groupInfo.relationId.toInt(), authorizationScope) + v2ManagerService.grantRoleGroupV2(groupInfo.relationId, authorizationScope) } } } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/MigrateResourceGroupService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/MigrateResourceGroupService.kt new file mode 100644 index 00000000000..74402c2bd59 --- /dev/null +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/MigrateResourceGroupService.kt @@ -0,0 +1,103 @@ +/* + * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. + * + * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. + * + * A copy of the MIT License is included in this file. + * + * + * Terms of the MIT License: + * --------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT + * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + */ + +package com.tencent.devops.auth.provider.rbac.service.migrate + +import com.tencent.bk.sdk.iam.dto.V2PageInfoDTO +import com.tencent.bk.sdk.iam.dto.manager.dto.SearchGroupDTO +import com.tencent.bk.sdk.iam.service.v2.V2ManagerService +import com.tencent.devops.auth.dao.AuthResourceGroupDao +import com.tencent.devops.auth.provider.rbac.service.AuthResourceService +import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.auth.api.AuthResourceType +import org.jooq.DSLContext +import org.slf4j.LoggerFactory +import org.springframework.beans.factory.annotation.Autowired + +/** + * 将资源组迁移到权限中心 + */ +@Suppress("LongParameterList", "MagicNumber") +class MigrateResourceGroupService @Autowired constructor( + private val authResourceService: AuthResourceService, + private val dslContext: DSLContext, + private val authResourceGroupDao: AuthResourceGroupDao, + private val iamV2ManagerService: V2ManagerService +) { + fun fixResourceGroups(projectCode: String) { + logger.info("start to fix resource groups,$projectCode ") + val recordsOfNeedToFix = authResourceGroupDao.listRecordsOfNeedToFix( + dslContext = dslContext, + projectCode = projectCode + ) + logger.info("resource groups need to fix ,$projectCode|$recordsOfNeedToFix") + recordsOfNeedToFix.forEach { resourceGroupInfo -> + val resourceInfo = authResourceService.get( + projectCode = projectCode, + resourceType = resourceGroupInfo.resourceType, + resourceCode = resourceGroupInfo.resourceCode + ) + val pageInfoDTO = V2PageInfoDTO() + pageInfoDTO.page = PageUtil.DEFAULT_PAGE + pageInfoDTO.pageSize = PageUtil.DEFAULT_PAGE_SIZE + val iamGroupInfo = if (resourceInfo.resourceType == AuthResourceType.PROJECT.value) { + val searchGroupDTO = SearchGroupDTO.builder() + .inherit(false) + .name(resourceGroupInfo.groupName) + .build() + iamV2ManagerService.getGradeManagerRoleGroupV2( + resourceInfo.relationId, + searchGroupDTO, + pageInfoDTO + ) + } else { + iamV2ManagerService.getSubsetManagerRoleGroup( + resourceInfo.relationId.toInt(), + pageInfoDTO + ) + }.results.firstOrNull { it.name == resourceGroupInfo.groupName } + logger.info("resource groups need to fix,iam group info $projectCode|$iamGroupInfo") + if (iamGroupInfo != null) { + authResourceGroupDao.update( + dslContext = dslContext, + projectCode = projectCode, + resourceType = resourceGroupInfo.resourceType, + resourceCode = resourceGroupInfo.resourceCode, + resourceName = resourceInfo.resourceName, + groupCode = resourceGroupInfo.groupCode, + groupName = resourceGroupInfo.groupName, + relationId = iamGroupInfo.id.toString() + ) + } + } + } + + companion object { + private val logger = LoggerFactory.getLogger(MigrateResourceGroupService::class.java) + } +} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/RbacPermissionMigrateService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/RbacPermissionMigrateService.kt index 7a507ae34a1..7523c4fff65 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/RbacPermissionMigrateService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/RbacPermissionMigrateService.kt @@ -57,12 +57,12 @@ import com.tencent.devops.project.api.service.ServiceProjectResource import com.tencent.devops.project.api.service.ServiceProjectTagResource import com.tencent.devops.project.pojo.ProjectProperties import com.tencent.devops.project.pojo.ProjectVO -import java.util.concurrent.CompletionException -import java.util.concurrent.Executors import org.jooq.DSLContext import org.slf4j.LoggerFactory import org.slf4j.MDC import org.springframework.beans.factory.annotation.Value +import java.util.concurrent.CompletionException +import java.util.concurrent.Executors /** * rbac迁移服务 @@ -84,7 +84,8 @@ class RbacPermissionMigrateService constructor( private val authMonitorSpaceDao: AuthMonitorSpaceDao, private val cacheService: RbacCacheService, private val permissionResourceMemberService: PermissionResourceMemberService, - private val migrateResourceAuthorizationService: MigrateResourceAuthorizationService + private val migrateResourceAuthorizationService: MigrateResourceAuthorizationService, + private val migrateResourceGroupService: MigrateResourceGroupService ) : PermissionMigrateService { companion object { @@ -207,7 +208,7 @@ class RbacPermissionMigrateService constructor( val resourceType = migrateResourceDTO.resourceType val isMigrateProjectResource = migrateResourceDTO.migrateProjectResource == true val isMigrateOtherResource = migrateResourceDTO.migrateOtherResource == true && - resourceType != null + resourceType != null val projectInfoList = client.get(ServiceProjectResource::class).listByProjectCode(projectCodes.toSet()) .data!!.filter { val r = it.routerTag @@ -685,4 +686,13 @@ class RbacPermissionMigrateService constructor( override fun migrateAllResourceAuthorization(): Boolean { return migrateResourceAuthorizationService.migrateAllResourceAuthorization() } + + override fun fixResourceGroups(projectCodes: List): Boolean { + projectCodes.forEach { + migrateResourceGroupService.fixResourceGroups( + projectCode = it + ) + } + return true + } } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionMigrateService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionMigrateService.kt index 4317d8446ec..13b3f743a0e 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionMigrateService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionMigrateService.kt @@ -98,4 +98,6 @@ class SamplePermissionMigrateService( override fun migrateAllResourceAuthorization(): Boolean { return migrateResourceAuthorizationService.migrateAllResourceAuthorization() } + + override fun fixResourceGroups(projectCodes: List): Boolean = true } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthMigrateResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthMigrateResourceImpl.kt index eb625e32839..945d6c3c838 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthMigrateResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthMigrateResourceImpl.kt @@ -106,4 +106,8 @@ class OpAuthMigrateResourceImpl @Autowired constructor( override fun migrateAllResourceAuthorization(): Result { return Result(permissionMigrateService.migrateAllResourceAuthorization()) } + + override fun fixResourceGroups(projectCodes: List): Result { + return Result(permissionMigrateService.fixResourceGroups(projectCodes)) + } } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionMigrateService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionMigrateService.kt index 56b83f074fa..2d839d78036 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionMigrateService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionMigrateService.kt @@ -111,4 +111,9 @@ interface PermissionMigrateService { * 全量迁移资源授权 */ fun migrateAllResourceAuthorization(): Boolean + + /** + * 修复资源组数据,存在同步iam资源组数据,数据库 iam组id为NULL的情况,需要进行修复 + */ + fun fixResourceGroups(projectCodes: List): Boolean }